Generally, all terms used herein are to be interpreted according to their ordinary meaning in the relevant technical field, unless a different meaning is clearly given and/or is implied from the context in which it is used. All references to a/an/the element, apparatus, component, means, step, etc. are to be interpreted openly as referring to at least one instance of the element, apparatus, component, means, step, etc., unless explicitly stated otherwise. The steps of any methods disclosed herein do not have to be performed in the exact order disclosed, unless a step is explicitly described as following or preceding another step and/or where it is implicit that a step must follow or precede another step. Any feature of any of the embodiments disclosed herein may be applied to any other embodiment, wherever appropriate. Likewise, any advantage of any of the embodiments may apply to any other embodiments, and vice versa. Other objectives, features and advantages of the enclosed embodiments will be apparent from the following description.
5G is the next generation of mobile networks developed by a standards developing organization called the 3GPP. The earlier generations of mobile networks were called 4G/LTE, 3G/UMTS, and 2G/GSM. A 5G network is maintained and its services are offered by so-called Mobile Network Operators (MNOs). MNOs are distinguishable from each other by two types of codes, namely the Mobile Country Code (MCC) and the Mobile Network Code (MNC). To use a particular 5G network offered by a particular MNO, users are required to have a sort of contractual relationship with that MNO, that relationship being generally called the subscription. In cases when the user lacks a subscription to some particular MNO (e.g., in a so-called roaming scenario), the relationship is achieved by roaming agreements between the MNO where the user has a subscription, i.e., the user's Home Network (HN), and the MNO that is serving the user, i.e., the Visited Network (VN). Each subscription in an MNO's 5G network is identified by a unique long-term identifier called the Subscription Permanent Identifier (SUPI). Users wirelessly access a 5G network over-the-air using a wireless device known as User Equipment (UE). Before providing any service, a 5G network needs to identify a user, i.e., the user's subscription, behind a UE. For this purpose of identification, UEs in earlier generations of mobile networks (4G, 3G, and 2G) used to send users' unique long-term identifiers over-the-air. This was considered a privacy issue because users could be tracked or identified by any unauthorized entity capable of intercepting messages or acting as a man-in-the-middle over-the-air. However, in a 5G network, its MNO has the ability to offer better privacy to its users so that their unique long-term identifiers (i.e., SUPIs) are not visible over-the-air.
That ability comes from a mechanism in which UEs, instead of sending SUPIs, calculate and send concealed identifiers over-the-air, each called a Subscription Concealed Identifier (SUCI). The MNO makes available to UEs all information that is necessary for the calculation of the SUCI.
The calculation of the SUCI means the UE encrypting the SUPI. This is done before the SUCI is transferred over-the-air between the UE and the 5G network. The encryption is of asymmetric type and uses the HN's public key (denoted HN public key). The HN makes the HN public key available to the UE. There could be multiple ways of doing the asymmetric encryption of the SUPI for calculating the SUCI, these ways being denoted as encryption schemes. Some examples of encryption schemes are the ElGamal encryption scheme, the Elliptic Curve Integrated Encryption Scheme (ECIES), and RSA encryption. There could also be multiple variants of the same scheme, e.g., different elliptic curves could be used with an ECIES scheme, such as SECP256R1, SECP384R1, and CURVE25519. These encryption schemes could either be standardized, say by the 3GPP, or be proprietary, decided by each MNO on its own. On one hand, the advantage of standardized encryption schemes is that those schemes become publicly available or known, which increases inter-operability, e.g., all UE vendors could support the standardized schemes. On the other hand, the advantage of proprietary encryption schemes is that each MNO can independently choose and use any encryption scheme suitable to its operational efficiency, security and privacy offerings, or regulatory requirements.
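To make the concealment concrete, the following is an added example (not code from the original text and not a conformant implementation of any standardized scheme): an ECIES-style concealment of the SUPI with the CURVE25519 variant mentioned above. The UE encrypts only the subscriber-specific part of the SUPI (the MSIN) under the HN public key with a fresh ephemeral key pair, and sends MCC and MNC in the clear so that the serving network can route the SUCI to the HN; only the HN, holding the private key, can recover the SUPI. X25519 is transcribed from RFC 7748; the key-derivation layout, the use of an HMAC-SHA-256 keystream in place of AES-CTR (the standard library has no AES), the truncated tag, the dictionary layout of the SUCI and the two-digit MNC are all assumptions made for this example.

```python
import hashlib
import hmac
import os

# --- X25519 scalar multiplication per RFC 7748 (pure Python, stdlib only) ---
P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")


def decode_scalar(k):
    k = bytearray(k)
    k[0] &= 248           # clamp: clear low 3 bits, clear top bit, set bit 254
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def decode_u(u):
    u = bytearray(u)
    u[31] &= 127          # the top bit of the u-coordinate is ignored
    return int.from_bytes(u, "little") % P


def x25519(scalar, u_point):
    """Montgomery ladder from RFC 7748 section 5; returns k*u as 32 LE bytes."""
    k, x1 = decode_scalar(scalar), decode_u(u_point)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def shared_secret(priv, peer_pub):
    z = x25519(priv, peer_pub)
    if z == bytes(32):    # reject low-order peer points, as RFC 7748 advises
        raise ValueError("invalid public key (low-order point)")
    return z


def kdf(z, shared_info, length):
    """ANSI X9.63-style KDF: SHA-256(Z || counter || info) blocks (assumption)."""
    out, counter = b"", 1
    while len(out) < length:
        out += hashlib.sha256(z + counter.to_bytes(4, "big") + shared_info).digest()
        counter += 1
    return out[:length]


def keystream(key, icb, length):
    # Assumption: HMAC-SHA-256 in counter mode stands in for AES-128-CTR here.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, icb + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def hn_generate_keypair(rng=os.urandom):
    """Run by the HN once; the public half is what gets provisioned to the USIM."""
    priv = rng(32)
    return priv, x25519(priv, BASE_POINT)


def conceal(msin, hn_pub, rng=os.urandom):
    """UE side. Scheme output = ephemeral public key || ciphertext || 8-byte tag."""
    eph_priv = rng(32)                          # fresh per SUCI: unlinkable outputs
    eph_pub = x25519(eph_priv, BASE_POINT)
    keys = kdf(shared_secret(eph_priv, hn_pub), eph_pub, 16 + 16 + 32)
    enc_key, icb, mac_key = keys[:16], keys[16:32], keys[32:]
    ct = bytes(m ^ s for m, s in zip(msin, keystream(enc_key, icb, len(msin))))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()[:8]
    return eph_pub + ct + tag


def deconceal(scheme_output, hn_priv):
    """HN side: verify the tag before decrypting, with a constant-time compare."""
    eph_pub, ct, tag = scheme_output[:32], scheme_output[32:-8], scheme_output[-8:]
    keys = kdf(shared_secret(hn_priv, eph_pub), eph_pub, 16 + 16 + 32)
    enc_key, icb, mac_key = keys[:16], keys[16:32], keys[32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()[:8]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("SUCI integrity check failed")
    return bytes(c ^ s for c, s in zip(ct, keystream(enc_key, icb, len(ct))))


def build_suci(supi, hn_pub, rng=os.urandom):
    """SUPI as an IMSI 'MCC+MNC+MSIN'; only the MSIN is concealed (assumed layout)."""
    mcc, mnc, msin = supi[:3], supi[3:5], supi[5:]     # assumes a 2-digit MNC
    return {"mcc": mcc, "mnc": mnc, "scheme_output": conceal(msin.encode(), hn_pub, rng)}


def hn_resolve_supi(suci, hn_priv):
    return suci["mcc"] + suci["mnc"] + deconceal(suci["scheme_output"], hn_priv).decode()


if __name__ == "__main__":
    hn_priv, hn_pub = hn_generate_keypair()
    suci = build_suci("234150999999999", hn_pub)        # constructed sample IMSI
    print(suci["scheme_output"].hex())
    print(hn_resolve_supi(suci, hn_priv))
```

Two properties worth noting in the code: the ephemeral key pair is generated per SUCI, so two concealments of the same SUPI are different on the air and cannot be linked by an eavesdropper; and the HN checks the tag before decrypting, so a modified scheme output is rejected rather than decoded into a wrong SUPI.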
Before going into further details, it is important to understand some technical aspects of a UE. The UE consists of several parts or components that together enable the users of the UE to access the services provided by the network. We are mainly interested in distinguishing two parts on a high level, which will assist in understanding the rest of the document. Those two parts are the Universal Subscriber Identity Module (USIM) and the Mobile Equipment (ME).
First, the USIM part is a special software application that provides various functions such as identification and authentication of the user's subscription, security key generation, etc. The USIM runs on a tamper-resistant secure hardware component, e.g., a Universal Integrated Circuit Card (UICC). Second, the ME part denotes the wireless device comprising the hardware and software needed to communicate with the network. The ME is popularly known as a mobile phone or smartphone.
The above-mentioned HN public key, along with other information, i.e., the encryption scheme parameters, is stored in the USIM part of the UE by the MNO. The process of said storing is generally called provisioning. Over-the-air (OTA) updates are one example of provisioning.
Whereas the information necessary for calculating the SUCI is stored or provisioned in the USIM part of the UE, there are two parts of the UE that may actually calculate the SUCI (i.e., perform the computation or implementation of the encryption): either the USIM part or the ME part.
There currently exist certain challenge(s). The HN has tight control over, and strong trust in, its USIM deployments and USIM vendors. Through the USIM, the HN controls the offering of the privacy improvements to its users. This is done by providing the USIM with the information used for calculation of the SUCI, e.g., the HN public key and the encryption scheme parameters. However, the SUCI calculation can be performed not only in the USIM, but also in the ME part of the UE. In the ME, the SUCI calculation is not under the control of the HN, because the HN has little control over ME deployments and ME vendors. In other words, the HN is not in tight control of the offering of the privacy improvements to its users. It is challenging for the HN to ensure that the SUCI is calculated in the USIM or the ME, whichever is intended. Further, this may have security or privacy consequences, e.g., the SUCI being unintentionally calculated in an erroneous part of the UE. This in turn is undesirable and harms its users' privacy.